Today:  US House on Cybersecurity Vulnerability Disclosure Practices, FTC Paper on Informational Injuries, and FTC Hearings on Competition and Consumer Protection Continue

US House On Cybersecurity Vulnerability Disclosure Practices

The House Energy and Commerce Committee, chaired by Rep. Greg Walden (R-OR) released a white paper detailing the committee’s investigation and recommendations regarding coordinated vulnerability disclosure (CVD) cybersecurity practices.  The committee offered two main recommendations to support public and private sector organizations in their adoption of CVD programs as part of their cybersecurity risk management strategies.

1. Congress should explore ways to clarify the differences between “hacking” and CVD practices, to incentivize organizations to adopt CVD programs, and to offer protections to CVD participants who perform CVDs in accordance with modern best practices.
2. Congress should explore ways to encourage federal agencies and private sector stakeholders to address and minimize the negative public responses to CVDs.

The paper concludes that: “The growth of the Internet and connected technologies comes with an inescapable increase in the complexity and vulnerability of modern systems. These risks are shared across all facets and sectors of society, and no one organization is truly capable of managing these risks on its own.  The nature of our modern connected society requires collaboration, and thus—as recent years have manifestly demonstrated—CVD remains one of the most valuable, effective methods for embracing that collaboration and facing those risks. Consequently, Congress, the rest of the federal government, the private sector, and third-parties should all find ways to support and adopt CVD.”

FTC Paper on Informational Injuries

Staff of the Federal Trade Commission released a paper outlining key takeaways from a the FTC’s  December 12, 2017 workshop examining informational injuries consumers may suffer from privacy and security incidents.  (Informational injuries are injuries – both market-based and non-market – that consumers may suffer from privacy and security incidents, such as data breaches or unauthorized disclosure of data.)  The paper discusses several examples of harm that consumers have suffered as a result of such incidents, including:

• medical identity theft
• doxing, the deliberate and targeted release of private information about an individual
• disclosure of private information
• erosion of trust

Participants noted that these injuries, and the risk of these injuries, must be balanced against the value of information collection. One key benefit of information collection is that it supports an ad-funded  Internet.  Participants did not agree on when governments should intervene to address potential injuries to consumers. They did coalesce, however, around factors governments should consider when deciding whether action is required, such as the sensitivity of the information at issue, how the information will be used, and whether the information is anonymized or identifiable.  Workshop participants also agreed on the need for more research on a broad range of privacy and data security issues to help guide policymakers and law enforcement.

FTC – Hearings on Competition and Consumer Protection Continue

The FTC has issued a press release with details for its fourth session of its Hearings on Competition and Consumer Protection in the 21st Century.  This hearing will focus on Innovation and Intellectual Property Policy.  Additional information and an event description can be found here.

 ____________________________

The Regulatory Mix, Inteserra’s blog of telecom related regulatory activities, is a snapshot of PUC, FCC, legislative, and occasionally court issues that our regulatory monitoring team uncovers each day. Depending on their significance, some items may be the subject of an Inteserra Briefing.